1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
4 <TITLE> Introduction to FreeS/WAN</TITLE>
5 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
7 BODY { font-family: serif; font-size: 11.0pt }
8 H1 { font-family: sans-serif; font-size: 20.0pt }
9 H2 { font-family: sans-serif; font-size: 17.0pt }
10 H3 { font-family: sans-serif; font-size: 14.0pt }
11 H4 { font-family: sans-serif; font-size: 11.0pt }
12 H5 { font-family: sans-serif; font-size: 9.0pt }
13 H6 { font-family: sans-serif; font-size: 8.0pt }
14 SUB { font-size: 8.0pt }
15 SUP { font-size: 8.0pt }
16 PRE { font-size: 9.0pt }
20 <H1 ALIGN="CENTER"><A NAME="CONTENTS">Table of Contents</A></H1>
22 <BR><B><A HREF="intro.html#intro">Introduction</A></B>
24 <LI><A HREF="intro.html#ipsec.intro">IPSEC, Security for the Internet
27 <LI><A HREF="intro.html#intro.interop">Interoperating with other IPSEC
28 implementations</A></LI>
29 <LI><A HREF="intro.html#applications">Applications of IPSEC</A></LI>
30 <LI><A HREF="intro.html#types">The need to authenticate gateways</A></LI>
32 <LI><A HREF="intro.html#project">The FreeS/WAN project</A></LI>
34 <LI><A HREF="intro.html#goals">Project goals</A></LI>
35 <LI><A HREF="intro.html#staff">Project team</A></LI>
36 <LI><A HREF="intro.html#webdocs">Information on the web</A></LI>
37 <LI><A HREF="intro.html#sites">Distribution sites</A></LI>
38 <LI><A HREF="intro.html#archives">Archives of the project mailing list</A>
41 <LI><A HREF="intro.html#products">Products containing FreeS/WAN</A></LI>
43 <LI><A HREF="intro.html#distwith">Full Linux distributions</A></LI>
44 <LI><A HREF="intro.html#fw_dist">Firewall distributions</A></LI>
45 <LI><A HREF="intro.html#turnkey">Firewall and VPN products</A></LI>
47 <LI><A HREF="intro.html#docs">Documentation</A></LI>
49 <LI><A HREF="intro.html#docformats">This HowTo, in multiple formats</A></LI>
50 <LI><A HREF="intro.html#text">Other documents in the distribution</A></LI>
51 <LI><A HREF="intro.html#howto">User-written HowTo information</A></LI>
52 <LI><A HREF="intro.html#applied">Papers on FreeS/WAN</A></LI>
53 <LI><A HREF="intro.html#test">Test results</A></LI>
55 <LI><A HREF="intro.html#licensing">License and copyright information</A></LI>
56 <LI><A HREF="intro.html#1_6">Links to other sections</A></LI>
58 <B><A HREF="install.html#install">Installing FreeS/WAN</A></B>
60 <LI><A HREF="install.html#who.install">Who needs to perform an
61 installation?</A></LI>
62 <LI><A HREF="install.html#re-install">Re-installs</A></LI>
63 <LI><A HREF="install.html#before">Before starting the install</A></LI>
65 <LI><A HREF="install.html#choosek">Choosing a kernel</A></LI>
66 <LI><A HREF="install.html#getkernel">Things you must have installed</A></LI>
67 <LI><A HREF="install.html#2_3_3">Getting FreeS/WAN</A></LI>
68 <LI><A HREF="install.html#kconfig">Kernel configuration</A></LI>
69 <LI><A HREF="install.html#inst-test">Install and test a kernel before
70 adding FreeS/WAN</A></LI>
72 <LI><A HREF="install.html#building">Building and installing the software</A>
75 <LI><A HREF="install.html#allbut">Everything but kernel installation</A></LI>
76 <LI><A HREF="install.html#newk">Installing the new kernel</A></LI>
77 <LI><A HREF="install.html#2_4_3">Make sure Lilo knows about the new
80 <LI><A HREF="install.html#testinstall">Testing to see if install
82 <LI><A HREF="install.html#2_6">Where to go from here</A></LI>
84 <B><A HREF="config.html#setup">Configuration</A></B>
86 <LI><A HREF="config.html#example">Our example networks</A></LI>
87 <LI><A HREF="config.html#testnet">Configuration for a testbed network</A>
89 <LI><A HREF="config.html#setupnet">Set up and test networking</A></LI>
91 <LI><A HREF="config.html#forward">Enabling packet forwarding</A></LI>
92 <LI><A HREF="config.html#othersoft">Other software</A></LI>
94 <LI><A HREF="config.html#rtfm">RTFM (please Read The Fine Manuals)</A></LI>
95 <LI><A HREF="config.html#usersakey">Setting up RSA authentication keys</A>
98 <LI><A HREF="config.html#genrsakey">Generating an RSA key pair</A></LI>
99 <LI><A HREF="config.html#keyexchange">Exchanging authentication keys</A></LI>
100 <LI><A HREF="config.html#useRSA">Using RSA signatures for authentication</A>
103 <LI><A HREF="config.html#basic.conf">The configuration file</A></LI>
105 <LI><A HREF="config.html#setup.conf">The setup section of ipsec.conf(5)</A>
107 <LI><A HREF="config.html#conn.default">Connection defaults</A></LI>
108 <LI><A HREF="config.html#edit.conn">Editing a connection description</A></LI>
109 <LI><A HREF="config.html#which">Which is which?</A></LI>
111 <LI><A HREF="config.html#examples">Example setups</A></LI>
113 <LI><A HREF="config.html#VPNex">VPN</A></LI>
114 <LI><A HREF="config.html#roadex">Road Warrior</A></LI>
115 <LI><A HREF="config.html#oppex">Opportunistic encryption</A></LI>
117 <LI><A HREF="config.html#handy">Simplifying ipsec.conf files</A></LI>
118 <LI><A HREF="config.html#fw.basic">Is there a firewall in play?</A></LI>
119 <LI><A HREF="config.html#testing">Testing the installation</A></LI>
121 <LI><A HREF="config.html#matching">Matching numbers</A></LI>
122 <LI><A HREF="config.html#testsetup">Sanity checking</A></LI>
123 <LI><A HREF="intro.html#test">Starting a connection</A></LI>
124 <LI><A HREF="config.html#pingtest">Ping tests</A></LI>
125 <LI><A HREF="config.html#tcpdump">Testing with tcpdump</A></LI>
127 <LI><A HREF="config.html#links.conf">What next?</A></LI>
128 <LI><A HREF="config.html#otherconf">Other configuration possibilities</A>
131 <LI><A HREF="config.html#choose">Choosing connection types</A></LI>
132 <LI><A HREF="config.html#prodsecrets">Using shared secrets in production</A>
134 <LI><A HREF="config.html#prodman">Using manual keying in production</A></LI>
135 <LI><A HREF="config.html#boot">Setting up connections at boot time</A></LI>
136 <LI><A HREF="config.html#multitunnel">Multiple tunnels between the same
137 two gateways</A></LI>
138 <LI><A HREF="config.html#biggate">Many tunnels from a single gateway</A></LI>
139 <LI><A HREF="glossary.html#extruded">Extruded Subnets</A></LI>
140 <LI><A HREF="config.html#roadvirt">Road Warrior with virtual IP address</A>
142 <LI><A HREF="config.html#dynamic">Dynamic Network Interfaces</A></LI>
143 <LI><A HREF="config.html#unencrypted">Unencrypted tunnels</A></LI>
146 <B><A HREF="manpages.html#manpages">FreeS/WAN manual pages</A></B>
148 <LI><A HREF="manpages.html#man.file">Files</A></LI>
149 <LI><A HREF="manpages.html#man.command">Commands</A></LI>
150 <LI><A HREF="manpages.html#man.lib">Library routines</A></LI>
152 <B><A HREF="firewall.html#firewall">FreeS/WAN and firewalls</A></B>
154 <LI><A HREF="firewall.html#packets">IPSEC packets</A></LI>
156 <LI><A HREF="firewall.html#noport">ESP and AH do not have ports</A></LI>
157 <LI><A HREF="firewall.html#header">Header layout</A></LI>
159 <LI><A HREF="firewall.html#filters">Filtering rules for IPSEC packets</A>
162 <LI><A HREF="firewall.html#through">IPSEC through the gateway</A></LI>
163 <LI><A HREF="firewall.html#ipsec_only">Preventing non-IPSEC traffic</A></LI>
164 <LI><A HREF="firewall.html#unknowngate">Filtering packets from unknown
167 <LI><A HREF="firewall.html#otherfilter">Other packet filters</A></LI>
169 <LI><A HREF="glossary.html#ICMP">ICMP filtering</A></LI>
170 <LI><A HREF="firewall.html#traceroute">UDP packets for traceroute</A></LI>
171 <LI><A HREF="firewall.html#l2tp">UDP for L2TP</A></LI>
173 <LI><A HREF="firewall.html#NAT">IPSEC and NAT</A></LI>
175 <LI><A HREF="firewall.html#nat_ok">NAT on or behind the IPSEC gateway
177 <LI><A HREF="firewall.html#nat_bad">NAT between gateways is problematic</A>
179 <LI><A HREF="firewall.html#">Other references on NAT and IPSEC</A></LI>
181 <LI><A HREF="firewall.html#updown">Calling firewall scripts, named in
182 ipsec.conf(5)</A></LI>
184 <LI><A HREF="firewall.html#pre_post">Scripts called at IPSEC start and
186 <LI><A HREF="firewall.html#up_down">Scripts called at connection up and
188 <LI><A HREF="firewall.html#ipchains.script">Scripts for ipchains</A></LI>
189 <LI><A HREF="firewall.html#dhr">DHR on the updown script</A></LI>
190 <LI><A HREF="firewall.html#exupdownchains">Example updown script for
193 <LI><A HREF="firewall.html#examplefw">Ipchains firewall configuration
196 <LI><A HREF="firewall.html#Ranch.trinity">Scripts based on Ranch's work</A>
198 <LI><A HREF="firewall.html#seawall">The Seattle firewall</A></LI>
199 <LI><A HREF="firewall.html#rcf">The RCF scripts</A></LI>
202 <B><A HREF="trouble.html#debug">Linux FreeS/WAN Troubleshooting</A></B>
204 <LI><A HREF="trouble.html#report">Problem Reporting</A></LI>
205 <LI><A HREF="trouble.html#logusage">Logs used</A></LI>
206 <LI><A HREF="trouble.html#info">Information available on your system</A></LI>
208 <LI><A HREF="trouble.html#pages">man pages provided</A></LI>
209 <LI><A HREF="trouble.html#statusinfo">Status information</A></LI>
211 <LI><A HREF="trouble.html#pluto.problems">Pluto problem hints</A></LI>
213 <LI><A HREF="trouble.html#gdb.pluto">Using GDB on Pluto</A></LI>
215 <LI><A HREF="trouble.html#ifconfig">ifconfig reports for KLIPS debugging</A>
217 <LI><A HREF="trouble.html#testgates">Testing between security gateways</A>
219 <LI><A HREF="trouble.html#c.guide">Claudia's guide</A></LI>
221 <B><A HREF="kernel.html#kernelconfig">Kernel configuration for FreeS/WAN</A>
224 <LI><A HREF="kernel.html#notall">Not everyone needs to worry about
225 kernel configuration</A></LI>
226 <LI><A HREF="kernel.html#assume">Assumptions and notation</A></LI>
228 <LI><A HREF="kernel.html#labels">Labels used</A></LI>
230 <LI><A HREF="kernel.html#kernelopt">Kernel options for FreeS/WAN</A></LI>
232 <B><A HREF="roadmap.html#roadmap">Distribution Roadmap: What's Where in
233 Linux FreeS/WAN</A></B>
235 <LI><A HREF="roadmap.html#top">Top directory</A></LI>
236 <LI><A HREF="roadmap.html#doc">Documentation</A></LI>
237 <LI><A HREF="roadmap.html#klips.roadmap">KLIPS: kernel IP security</A></LI>
238 <LI><A HREF="roadmap.html#pluto.roadmap">Pluto key and connection
239 management daemon</A></LI>
240 <LI><A HREF="roadmap.html#utils">Utils</A></LI>
241 <LI><A HREF="roadmap.html#lib">Libraries</A></LI>
243 <LI><A HREF="roadmap.html#fswanlib">FreeS/WAN Library</A></LI>
244 <LI><A HREF="roadmap.html#otherlib">Imported Libraries</A></LI>
247 <B><A HREF="compat.html#compat">Linux FreeS/WAN Compatibility Guide</A></B>
249 <LI><A HREF="compat.html#spec">Implemented parts of the IPSEC
250 Specification</A></LI>
252 <LI><A HREF="compat.html#in">In Linux FreeS/WAN</A></LI>
253 <LI><A HREF="compat.html#dropped">Deliberately ommitted</A></LI>
254 <LI><A HREF="compat.html#not">Not (yet) in Linux FreeS/WAN</A></LI>
256 <LI><A HREF="compat.html#pfkey">Our PF-Key implementation</A></LI>
258 <LI><A HREF="compat.html#pfk.port">PF-Key portability</A></LI>
260 <LI><A HREF="compat.html#otherk">Kernels other than 2.0.38 and 2.2.18</A>
263 <LI><A HREF="compat.html#kernel.2.0">Other 2.0.x Intel Kernels</A></LI>
264 <LI><A HREF="compat.html#kernel.production">2.2 and 2.4 Kernels</A></LI>
266 <LI><A HREF="compat.html#otherdist">Intel Linux distributions other
269 <LI><A HREF="compat.html#rh7">Redhat 7.0</A></LI>
270 <LI><A HREF="compat.html#suse">SuSE Linux</A></LI>
271 <LI><A HREF="compat.html#slack">Slackware</A></LI>
272 <LI><A HREF="compat.html#deb">Debian</A></LI>
273 <LI><A HREF="compat.html#caldera">Caldera</A></LI>
275 <LI><A HREF="compat.html#CPUs">CPUs other than Intel</A></LI>
277 <LI><A HREF="compat.html# strongarm">Corel Netwinder (StrongARM CPU)</A></LI>
278 <LI><A HREF="compat.html#yellowdog">Yellow Dog Linux on Power PC</A></LI>
279 <LI><A HREF="compat.html#mklinux">Mklinux</A></LI>
280 <LI><A HREF="compat.html#alpha">Alpha 64-bit processors</A></LI>
281 <LI><A HREF="compat.html#SPARC">Sun SPARC processors</A></LI>
282 <LI><A HREF="compat.html#mips">MIPS processors</A></LI>
283 <LI><A HREF="compat.html#coldfire">Motorola Coldfire</A></LI>
285 <LI><A HREF="compat.html#multiprocessor">Multiprocessor machines</A></LI>
286 <LI><A HREF="compat.html#hardware">Support for crypto hardware</A></LI>
287 <LI><A HREF="compat.html#ipv6">IP version 6 (IPng)</A></LI>
289 <LI><A HREF="compat.html#v6.back">IPv6 background</A></LI>
292 <B><A HREF="interop.html#10">Interoperation with other IPSEC
293 implementations</A></B>
295 <LI><A HREF="interop.html#patch.interop">Patches to extend
296 interoperability</A></LI>
297 <LI><A HREF="interop.html#interop.problem">Interoperability problems</A></LI>
299 <LI><A HREF="interop.html#noDES">Systems that want to use single DES</A></LI>
301 <LI><A HREF="interop.html#otherpub">Interop HowTo documents</A></LI>
302 <LI><A HREF="interop.html#mail.interop">Interoperation with specific
305 <LI><A HREF="interop.html#oldswan">Older versions of FreeS/WAN</A></LI>
306 <LI><A HREF="interop.html#OpenBSD">OpenBSD</A></LI>
307 <LI><A HREF="interop.html#FreeBSD">FreeBSD</A></LI>
308 <LI><A HREF="interop.html#NetBSD">NetBSD</A></LI>
309 <LI><A HREF="interop.html#Cisco">Cisco Routers</A></LI>
310 <LI><A HREF="interop.html#bay">Nortel (Bay Networks) Contivity switch</A>
312 <LI><A HREF="interop.html#Raptor">Raptor Firewall</A></LI>
313 <LI><A HREF="interop.html#gauntlet">Gauntlet firewall GVPN</A></LI>
314 <LI><A HREF="interop.html#checkpoint">Checkpoint Firewall-1</A></LI>
315 <LI><A HREF="interop.html#redcreek">Redcreek Ravlin</A></LI>
316 <LI><A HREF="interop.html#sentinel">SSH Sentinel</A></LI>
317 <LI><A HREF="interop.html#Fsecure">F-Secure VPN for Windows</A></LI>
318 <LI><A HREF="interop.html#watchguard">Watchguard</A></LI>
319 <LI><A HREF="interop.html#Xedia">Xedia Access Point/QVPN</A></LI>
320 <LI><A HREF="interop.html#pgpnet">PGP Mac and Windows IPSEC Client</A></LI>
321 <LI><A HREF="interop.html#IRE">IRE Safenet/SoftPK</A></LI>
322 <LI><A HREF="interop.html#borderware">Borderware</A></LI>
323 <LI><A HREF="interop.html#freegate">Freegate</A></LI>
324 <LI><A HREF="interop.html#timestep">Timestep</A></LI>
325 <LI><A HREF="interop.html#shiva">Shiva/Intel LANrover</A></LI>
326 <LI><A HREF="interop.html#solaris">Sun Solaris</A></LI>
327 <LI><A HREF="interop.html#sonicwall">Sonicwall</A></LI>
328 <LI><A HREF="interop.html#radguard">Radguard</A></LI>
329 <LI><A HREF="interop.html#winclient">Windows clients</A></LI>
330 <LI><A HREF="interop.html#NTdomain">NT domains vs. tunnels</A></LI>
331 <LI><A HREF="interop.html#win2k">Windows 2000</A></LI>
334 <B><A HREF="politics.html#politics">History and politics of cryptography</A>
337 <LI><A HREF="politics.html#intro.politics">Introduction</A></LI>
339 <LI><A HREF="politics.html#11_1_1">History</A></LI>
340 <LI><A HREF="politics.html#intro.poli">Politics</A></LI>
341 <LI><A HREF="politics.html#11_1_3">Links</A></LI>
342 <LI><A HREF="politics.html#11_1_4">Outline of this section</A></LI>
344 <LI><A HREF="politics.html#leader">From our project leader</A></LI>
346 <LI><A HREF="politics.html#gilmore">Swan: Securing the Internet against
348 <LI><A HREF="politics.html#policestate">Stopping wholesale monitoring</A>
351 <LI><A HREF="politics.html#weak">Government promotion of weak crypto</A></LI>
353 <LI><A HREF="politics.html#escrow">Escrowed encryption</A></LI>
354 <LI><A HREF="politics.html#shortkeys">Limited key lengths</A></LI>
356 <LI><A HREF="politics.html#exlaw">Cryptography Export Laws</A></LI>
358 <LI><A HREF="politics.html#USlaw">US Law</A></LI>
359 <LI><A HREF="politics.html#wrong">What's wrong with restrictions on
360 cryptography</A></LI>
361 <LI><A HREF="politics.html#Wassenaar">The Wassenaar Arrangement</A></LI>
362 <LI><A HREF="politics.html#status">Export status of Linux FreeS/WAN</A></LI>
363 <LI><A HREF="politics.html#help">Help spread IPSEC around</A></LI>
365 <LI><A HREF="politics.html#desnotsecure">DES is Not Secure</A></LI>
367 <LI><A HREF="politics.html#deshware">Dedicated hardware breaks DES in a
369 <LI><A HREF="politics.html#spooks">Spooks may break DES faster yet</A></LI>
370 <LI><A HREF="politics.html#desnet">Networks break DES in a few weeks</A></LI>
371 <LI><A HREF="politics.html#no_des">We disable DES</A></LI>
372 <LI><A HREF="politics.html#40joke">40-bits is laughably weak</A></LI>
373 <LI><A HREF="politics.html#altdes">Triple DES is almost certainly secure</A>
375 <LI><A HREF="politics.html#aes.ipsec">AES in IPSEC</A></LI>
377 <LI><A HREF="politics.html#press">Press coverage of Linux FreeS/WAN:</A></LI>
379 <LI><A HREF="politics.html#11_6_1">FreeS/WAN 1.0 press</A></LI>
380 <LI><A HREF="politics.html#release">Press release for version 1.0</A></LI>
383 <B><A HREF="ipsec.html#ipsec.detail">The IPSEC protocols</A></B>
385 <LI><A HREF="ipsec.html#others">Applying IPSEC</A></LI>
387 <LI><A HREF="ipsec.html#advantages">Advantages of IPSEC</A></LI>
388 <LI><A HREF="ipsec.html#limitations">Limitations of IPSEC</A></LI>
389 <LI><A HREF="ipsec.html#uses">IPSEC is a general mechanism for securing
391 <LI><A HREF="ipsec.html#authonly">Using authentication without
393 <LI><A HREF="ipsec.html#encnoauth">Encryption without authentication is
395 <LI><A HREF="ipsec.html#multilayer">Multiple layers of IPSEC processing
396 are possible</A></LI>
397 <LI><A HREF="ipsec.html#traffic.resist">Resisting traffic analysis</A></LI>
399 <LI><A HREF="ipsec.html#primitives">Cryptographic components</A></LI>
401 <LI><A HREF="ipsec.html#block.cipher">Block ciphers</A></LI>
402 <LI><A HREF="ipsec.html#hash.ipsec">Hash functions</A></LI>
403 <LI><A HREF="ipsec.html#DH.keying">Diffie-Hellman key agreement</A></LI>
404 <LI><A HREF="ipsec.html#RSA.auth">RSA authentication</A></LI>
406 <LI><A HREF="ipsec.html#structure">Structure of IPSEC</A></LI>
408 <LI><A HREF="ipsec.html#IKE.ipsec">IKE (Internet Key Exchange)</A></LI>
409 <LI><A HREF="ipsec.html#services">IPSEC Services, AH and ESP</A></LI>
410 <LI><A HREF="ipsec.html#AH.ipsec">The Authentication Header (AH)</A></LI>
411 <LI><A HREF="ipsec.html#ESP.ipsec">Encapsulated Security Payload (ESP)</A>
414 <LI><A HREF="ipsec.html#modes">IPSEC modes</A></LI>
416 <LI><A HREF="ipsec.html#tunnel.ipsec">Tunnel mode</A></LI>
417 <LI><A HREF="ipsec.html#transport.ipsec">Transport mode</A></LI>
419 <LI><A HREF="ipsec.html#parts">FreeS/WAN parts</A></LI>
421 <LI><A HREF="ipsec.html#KLIPS.ipsec">KLIPS: Kernel IPSEC Support</A></LI>
422 <LI><A HREF="ipsec.html#Pluto.ipsec">The Pluto daemon</A></LI>
423 <LI><A HREF="ipsec.html#command">The ipsec(8) command</A></LI>
424 <LI><A HREF="ipsec.html#ipsec.conf">Linux FreeS/WAN configuration file</A>
427 <LI><A HREF="ipsec.html#key">Key management</A></LI>
429 <LI><A HREF="ipsec.html#current">Currently Implemented Methods</A></LI>
430 <LI><A HREF="ipsec.html#notyet">Methods not yet implemented</A></LI>
433 <B><A HREF="mail.html#lists">Mailing lists and newsgroups</A></B>
435 <LI><A HREF="mail.html#list.fs">Mailing lists about FreeS/WAN</A></LI>
437 <LI><A HREF="mail.html#projlist">The project mailing lists</A></LI>
438 <LI><A HREF="mail.html#archive">Archives of the lists</A></LI>
440 <LI><A HREF="mail.html#indexes">Indexes of mailing lists</A></LI>
441 <LI><A HREF="mail.html#otherlists">Lists for related software and topics</A>
444 <LI><A HREF="mail.html#linux.lists">Linux mailing lists</A></LI>
445 <LI><A HREF="glossary.html#ietf">Lists for IETF working groups</A></LI>
446 <LI><A HREF="mail.html#other">Other mailing lists</A></LI>
448 <LI><A HREF="mail.html#newsgroups">Usenet newsgroups</A></LI>
450 <B><A HREF="web.html#weblink">Web links</A></B>
452 <LI><A HREF="web.html#freeswan">The Linux FreeS/WAN Project</A></LI>
454 <LI><A HREF="web.html#patch">Add-ons and patches for FreeS/WAN</A></LI>
455 <LI><A HREF="web.html#dist">Distributions including FreeS/WAN</A></LI>
456 <LI><A HREF="web.html#used">Things FreeS/WAN uses or could use</A></LI>
457 <LI><A HREF="web.html#alternatives">Other approaches to VPNs for Linux</A>
460 <LI><A HREF="web.html#ipsec.link">The IPSEC Protocols</A></LI>
462 <LI><A HREF="web.html#general">General IPSEC or VPN information</A></LI>
463 <LI><A HREF="web.html#overview">IPSEC overview documents or slide sets</A>
465 <LI><A HREF="web.html#otherlang">IPSEC information in languages other
466 than English</A></LI>
467 <LI><A HREF="web.html#RFCs1">RFCs and other reference documents</A></LI>
468 <LI><A HREF="web.html#analysis">Analysis and critiques of IPSEC
470 <LI><A HREF="web.html#IP.background">Background information on IP</A></LI>
472 <LI><A HREF="web.html#implement">IPSEC Implementations</A></LI>
474 <LI><A HREF="web.html#linuxprod">Linux products</A></LI>
475 <LI><A HREF="web.html#router">IPSEC in router products</A></LI>
476 <LI><A HREF="web.html#fw.web">IPSEC in firewall products</A></LI>
477 <LI><A HREF="web.html#ipsecos">Operating systems with IPSEC support</A></LI>
478 <LI><A HREF="web.html#opensource">Open source IPSEC implementations</A></LI>
479 <LI><A HREF="web.html#interop">Interoperability</A></LI>
481 <LI><A HREF="web.html#linux.link">Linux links</A></LI>
483 <LI><A HREF="web.html#linux.basic">Basic and tutorial Linux information</A>
485 <LI><A HREF="web.html#general">General Linux sites</A></LI>
486 <LI><A HREF="web.html#docs1">Documentation</A></LI>
487 <LI><A HREF="web.html#advroute.web">Advanced routing</A></LI>
488 <LI><A HREF="web.html#linsec">Security for Linux</A></LI>
489 <LI><A HREF="web.html#firewall.linux">Linux firewalls</A></LI>
490 <LI><A HREF="web.html#linux.misc">Miscellaneous Linux information</A></LI>
492 <LI><A HREF="web.html#crypto.link">Crypto and security links</A></LI>
494 <LI><A HREF="web.html#security">Crypto and security resources</A></LI>
495 <LI><A HREF="web.html#policy">Cryptography law and policy</A></LI>
496 <LI><A HREF="web.html#crypto.tech">Cryptography technical information</A>
498 <LI><A HREF="web.html#compsec">Computer and network security</A></LI>
499 <LI><A HREF="web.html#people">Links to home pages</A></LI>
502 <B><A HREF="glossary.html#ourgloss">Glossary for the Linux FreeS/WAN
505 <LI><A HREF="glossary.html#jump">Jump to a letter in the glossary</A></LI>
506 <LI><A HREF="glossary.html#gloss">Other glossaries</A></LI>
507 <LI><A HREF="glossary.html#definitions">Definitions</A></LI>
509 <B><A HREF="biblio.html#biblio">Bibliography for the Linux FreeS/WAN
512 <BR><B><A HREF="rfc.html#RFC">IPSEC RFCs and related documents</A></B>
514 <LI><A HREF="rfc.html#RFCfile">The RFCs.tar.gz Distribution File</A></LI>
515 <LI><A HREF="rfc.html#sources">Other sources for RFCs & Internet drafts</A>
518 <LI><A HREF="rfc.html#RFCdown">RFCs</A></LI>
519 <LI><A HREF="rfc.html#drafts">Internet Drafts</A></LI>
520 <LI><A HREF="rfc.html#FIPS1">FIPS standards</A></LI>
521 <LI><A HREF="rfc.html#doc.cd">Document CDs</A></LI>
523 <LI><A HREF="rfc.html#RFCs.tar.gz">What's in the RFCs.tar.gz bundle?</A></LI>
525 <LI><A HREF="rfc.html#rfc.ov">Overview RFCs</A></LI>
526 <LI><A HREF="rfc.html#basic.prot">Basic protocols</A></LI>
527 <LI><A HREF="rfc.html#key.ike">Key management</A></LI>
528 <LI><A HREF="rfc.html#rfc.detail">Details of various things used</A></LI>
529 <LI><A HREF="rfc.html#rfc.ref">Older RFCs which may be referenced</A></LI>
530 <LI><A HREF="rfc.html#rfc.dns">RFCs for secure DNS service, which IPSEC
532 <LI><A HREF="rfc.html#rfc.exp">RFCs labelled "experimental"</A></LI>
533 <LI><A HREF="rfc.html#rfc.rel">Related RFCs</A></LI>
536 <B><A HREF="faq.html#18">FreeS/WAN FAQ</A></B>
538 <LI><A HREF="faq.html#questions">Questions</A></LI>
539 <LI><A HREF="faq.html#whatzit"> What is FreeS/WAN?</A></LI>
540 <LI><A HREF="faq.html#problems">How do I report a problem or seek help?</A>
542 <LI><A HREF="faq.html#generic">Generic questions</A></LI>
544 <LI><A HREF="faq.html#lemme_out">This is too complicated. Isn't there
545 an easier way?</A></LI>
546 <LI><A HREF="faq.html#commercial">Can I get commercial support for this
548 <LI><A HREF="faq.html#modify.faq">Can I modify FreeS/WAN to ...?</A></LI>
549 <LI><A HREF="faq.html#contrib.faq">Can I contribute to the project?</A></LI>
550 <LI><A HREF="faq.html#ddoc.faq">Is there detailed design documentation?</A>
552 <LI><A HREF="faq.html#interop.faq">Can FreeS/WAN talk to ...?</A></LI>
553 <LI><A HREF="faq.html#old_to_new">Can different FreeS/WAN versions talk
554 to each other?</A></LI>
555 <LI><A HREF="faq.html#versions">Does FreeS/WAN run on my version of
557 <LI><A HREF="faq.html#k.versions">Does FreeS/WAN run on the latest
558 kernel version?</A></LI>
559 <LI><A HREF="faq.html#faq.speed">Is a ... fast enough to handle
560 FreeS/WAN with ... connections?</A></LI>
562 <LI><A HREF="faq.html#compile.faq">Compilation problems</A></LI>
564 <LI><A HREF="faq.html#gmp.h_missing">gmp.h: No such file or directory</A>
566 <LI><A HREF="faq.html#noVM">... virtual memory exhausted</A></LI>
568 <LI><A HREF="faq.html#setup.faq">Life's little mysteries</A></LI>
570 <LI><A HREF="faq.html#cantping">I cannot ping ....</A></LI>
571 <LI><A HREF="faq.html#forever">It takes forever to ...</A></LI>
572 <LI><A HREF="faq.html#route">I send packets to the tunnel with route(8)
573 but they vanish</A></LI>
574 <LI><A HREF="faq.html#down_route">When a tunnel goes down, packets
576 <LI><A HREF="faq.html#firewall_ate">The firewall ate my packets!</A></LI>
577 <LI><A HREF="faq.html#dropconn">Dropped connections</A></LI>
578 <LI><A HREF="faq.html#tcpdump.faq">TCPdump on the gateway shows strange
580 <LI><A HREF="faq.html#no_trace">Traceroute does not show anything
581 between the gateways</A></LI>
583 <LI><A HREF="faq.html#man4debug">Testing in stages</A></LI>
585 <LI><A HREF="faq.html#nomanual">Manually keyed connections don't work</A>
587 <LI><A HREF="faq.html#spi_error">One manual connection works, but
588 second one fails</A></LI>
589 <LI><A HREF="faq.html#man_no_auto">Manual connections work, but
590 automatic keying doesn't</A></LI>
591 <LI><A HREF="faq.html#nocomp">IPSEC works, but connections using
592 compression fail</A></LI>
593 <LI><A HREF="faq.html#pmtu.broken">Small packets work, but large
594 transfers fail</A></LI>
595 <LI><A HREF="faq.html#subsub">Subnet-to-subnet works, but tests from
596 the gateways don't</A></LI>
598 <LI><A HREF="faq.html#error">Interpreting error messages</A></LI>
600 <LI><A HREF="faq.html#unreachable">SIOCADDRT:Network is unreachable</A></LI>
601 <LI><A HREF="faq.html#noKLIPS">ipsec_setup: Fatal error, kernel appears
602 to lack KLIPS</A></LI>
603 <LI><A HREF="faq.html#noDNS">ipsec_setup: ... failure to fetch key for
604 ... from DNS</A></LI>
605 <LI><A HREF="faq.html#dup_address">ipsec_setup: ... interfaces ... and
606 ... share address ...</A></LI>
607 <LI><A HREF="faq.html#kflags">ipsec_setup: Cannot adjust kernel flags</A>
609 <LI><A HREF="faq.html#conn_name">Connection names in Pluto error
611 <LI><A HREF="faq.html#cantorient">Pluto: ... can't orient connection</A></LI>
612 <LI><A HREF="faq.html#noconn">Pluto: ... no connection is known</A></LI>
613 <LI><A HREF="faq.html#nosuit">Pluto: ... no suitable connection ...</A></LI>
614 <LI><A HREF="faq.html#noconn.auth">Pluto: ... no connection has been
616 <LI><A HREF="faq.html#noDESsupport">Pluto: ... OAKLEY_DES_CBC is not
618 <LI><A HREF="faq.html#notransform"> Pluto: ... no acceptable transform</A>
620 <LI><A HREF="faq.html#econnrefused">ECONNREFUSED error message</A></LI>
621 <LI><A HREF="faq.html#SAused">... trouble writing to /dev/ipsec ... SA
622 already in use</A></LI>
623 <LI><A HREF="faq.html#ignore">... ignoring ... payload</A></LI>
625 <LI><A HREF="faq.html#canI">Can I ...</A></LI>
627 <LI><A HREF="faq.html#reload">Can I reload connection info without
629 <LI><A HREF="faq.html#masq.faq">Can I use several masqueraded subnets?</A>
631 <LI><A HREF="faq.html#dup_route">Can I use subnets masqueraded to the
632 same addresses?</A></LI>
633 <LI><A HREF="faq.html#road.masq">Can I assign a road warrior an address
635 <LI><A HREF="faq.html#QoS">Can I use Quality of Service routing with
637 <LI><A HREF="faq.html#deadtunnel">Can I recognise dead tunnels and shut
639 <LI><A HREF="faq.html#demanddial">Can I build IPSEC tunnels over a
640 demand-dialed link?</A></LI>
641 <LI><A HREF="faq.html#GRE">Can I build GRE tunnels over IPSEC?</A></LI>
642 <LI><A HREF="faq.html#PKIcert"> Does FreeS/WAN support X.509 or other
643 PKI certificates?</A></LI>
644 <LI><A HREF="faq.html#Radius">Does FreeS/WAN support Radius or other
645 user authentication?</A></LI>
646 <LI><A HREF="faq.html#noDES.faq">Does FreeS/WAN support single DES
649 <LI><A HREF="faq.html#spam">Why don't you restrict the mailing lists to
650 reduce spam?</A></LI>
652 <B><A HREF="performance.html#performance">Performance of FreeS/WAN</A></B>
654 <LI><A HREF="performance.html#methods">Methods of mesasuring</A></LI>